Can Do vs. Should Do: The Ethics of Gathering and Using Workforce Data

By Carmen von Rohr 30th October 2018

Companies have always held sensitive data on their workforces. Historically, this data has been used for diverse purposes, such as to preserve business records, to meet legal and regulatory obligations, and/or as evidence in litigation.

However, advanced technologies are now providing powerful new tools that allow companies unprecedented access to employee data. Today’s employer can collect and analyse data from employees’ emails, social networking activity, telephone calls, and internet browsing, alongside the more traditional data that rests in employees’ personnel files, such as performance reviews and disciplinary actions. Through the emerging technology of wearable devices, companies are even able to collect data on their employees’ tone of voice, conversation patterns, and physical movements.

Today’s technologies allow this data to be analysed with new efficiency, and there is great excitement about the opportunities to improve management capability and business performance that such analyses might yield. For example, using data to track employee sentiment, map relationships, and predict retention may allow companies to increase productivity, maximise efficiency, and improve employee collaboration.

In today’s digitally disrupted economy, where companies face constant change and global competition, rapid adaptation is imperative to survival. Many companies see an opportunity to turn the insights gleaned from employee data into a source of competitive advantage that will allow them to thrive in the new economy.

But the mass collection of employee data poses ethical challenges and a variety of risks to companies, such as…

The risk of reputational damage to your company (for example, from a data breach, violation of employee privacy, etc.)

The risk that increased monitoring and evaluation of employees will lead to counterproductive management practices, such as micromanagement or poor decision-making (for example, a manager might wrongly interpret a distracted employee as disengaged, and make development or promotion decisions based on this, when in fact the employee is distracted for reasons unrelated to engagement)

Ethical issues related to the use of algorithms (for example, algorithms are often opaque, and users may have a limited understanding of how a given algorithm reached its decision; there is a risk that algorithmic decisions may be unfair, such as not promoting someone because they have been deemed ‘at risk’ of quitting)

Ultimately, companies are faced with a core tension between what they can do with employee data, and what they should do with this data. While this tension also exists with respect to the collection of data on customers, the power imbalance between employers and employees makes employee data collection an especially sensitive issue – one on which it is imperative that the HR function has a voice. Because HR professionals tend to be more sensitive to human behaviour inside the organisation, they are in a position to better understand the implications of mass data gathering for employee behaviour and performance. HR should be at the table, helping to inform decisions and craft policies from the very beginning of any data collection efforts. To be effective in this role, HR professionals should have a good knowledge of their tools and the potential consequences of using them, including unintended consequences.

Start with your legal obligations. Every organisation exists within some legal and regulatory framework that will inform the collection and use of employee data. These standards vary by country, and organisations with employees in different regions will need to take account of this when determining data policies. In the US, data generated by employees at work is judged to be the company’s property, but in Europe, the balance of control is more in favour of the employee. That balance has shifted further towards employees since the General Data Protection Regulation (GDPR) came into force on 28th May 2018.

Understand the privacy culture at your organisation. What does privacy mean to your employees? What are their expectations for how it will be respected? Do beliefs and expectations vary by region, and if so, how?

Be as transparent as possible about data collection and use. Why is the data being collected? What will it be used for? How is it being kept safe? Is all this clear to employees?

Clarify your employees’ rights in terms of data collection and use. What control do they have over their data? Is there a process by which employees can make their voices heard on the issue?

Articulate the advantages of using the data. How will employees benefit from the data’s collection and use? It’s important to make the case for how the data collection and analysis will help employees. Will it help them to better understand and improve themselves? Their performance? Wider organisational performance?

Define and share guidelines on privacy in your organisation. Share examples of good practice (for example, using company devices only for business).

Solicit feedback from your employees. Create a safe space for the discussion of ethics in your organisation and encourage employees to offer feedback. Earn their trust and goodwill. You want your employees to trust the data, to trust the organisation’s intentions, to trust the decisions being made on the basis of the data, and to trust that those decisions will lead to better and fairer outcomes. Transparency and channels for offering feedback will help build this trust. Remember also that your employees may have valuable insights on questionable practices that you haven’t considered.

Anonymise and aggregate employee data, and report findings at the aggregate level.

Continually audit your data collection and use. Decision-making should not be a one-off process; revisit your policies as the context changes. Be informed about the limitations of your data and keep a critical eye on emerging technologies and the ethical landscape.